From 7cdf83a93224f5304be3c625fd259cc09c54fa93 Mon Sep 17 00:00:00 2001
From: TANAKA Koichi <mugeso@mugeso.com>
Date: Sat, 10 Sep 2016 17:32:55 +0900
Subject: [PATCH] Implement OAuth2 password flow

---
 src/main/javascript/view/AuthView.js    | 29 ++++++++++++++++++++++++-
 src/main/javascript/view/Oauth2Model.js |  5 ++++-
 src/main/javascript/view/Oauth2View.js  | 12 +++++++++-
 src/main/less/auth.less                 |  5 +++++
 src/main/template/oauth2.handlebars     | 16 ++++++++++----
 5 files changed, 60 insertions(+), 7 deletions(-)

diff --git a/src/main/javascript/view/AuthView.js b/src/main/javascript/view/AuthView.js
index 5d692b84..89178696 100644
--- a/src/main/javascript/view/AuthView.js
+++ b/src/main/javascript/view/AuthView.js
@@ -122,6 +122,12 @@ SwaggerUi.Views.AuthView = Backbone.View.extend({
             this.clientCredentialsFlow(scopes, dets.tokenUrl, container.OAuthSchemeKey);
             return;
         }
+        else if(auth.get('type') === 'oauth2' && flow && (flow === 'password')) {
+            dets = auth.attributes;
+            window.swaggerUi.tokenName = dets.tokenName || 'access_token';
+            this.passwordFlow(scopes, dets.tokenUrl, dets.username, dets.password, window.OAuthSchemeKey);
+            return;
+        }
         else if(auth.get('grantTypes')) {
             // 1.2 support
             var o = auth.get('grantTypes');
@@ -176,6 +182,27 @@ SwaggerUi.Views.AuthView = Backbone.View.extend({
                 onOAuthComplete('');
             }
         });
-    }
+    },
 
+    passwordFlow: function (scopes, tokenUrl, username, password, OAuthSchemeKey) {
+        var params = {
+            'scope': scopes.join(' '),
+            'username': username,
+            'password': password,
+            'grant_type': 'password'
+        };
+        $.ajax({
+            url : tokenUrl,
+            type: 'POST',
+            data: params,
+            success: function (data)
+            {
+                onOAuthComplete(data, OAuthSchemeKey);
+            },
+            error: function ()
+            {
+                onOAuthComplete('');
+            }
+        });
+    }
 });
diff --git a/src/main/javascript/view/Oauth2Model.js b/src/main/javascript/view/Oauth2Model.js
index a31b9528..f5e9ceef 100644
--- a/src/main/javascript/view/Oauth2Model.js
+++ b/src/main/javascript/view/Oauth2Model.js
@@ -2,7 +2,8 @@
 
 SwaggerUi.Models.Oauth2Model = Backbone.Model.extend({
     defaults: {
-        scopes: {}
+        scopes: {},
+        isPasswordFlow: false
     },
 
     initialize: function () {
@@ -19,6 +20,8 @@ SwaggerUi.Models.Oauth2Model = Backbone.Model.extend({
             attributes.scopes = scopes;
             this.attributes = attributes;
         }
+
+        this.set('isPasswordFlow', attributes.flow && attributes.flow === 'password');
         this.on('change', this.validate);
     },
 
diff --git a/src/main/javascript/view/Oauth2View.js b/src/main/javascript/view/Oauth2View.js
index 6251511a..e55b53c8 100644
--- a/src/main/javascript/view/Oauth2View.js
+++ b/src/main/javascript/view/Oauth2View.js
@@ -2,7 +2,9 @@
 
 SwaggerUi.Views.Oauth2View = Backbone.View.extend({
     events: {
-        'change .oauth-scope': 'scopeChange'
+        'change .oauth-scope': 'scopeChange',
+        'change .oauth-username': 'setUsername',
+        'change .oauth-password': 'setPassword'
     },
 
     template: Handlebars.templates.oauth2,
@@ -18,5 +20,13 @@ SwaggerUi.Views.Oauth2View = Backbone.View.extend({
         var scope = $(e.target).data('scope');
 
         this.model.setScopes(scope, val);
+    },
+
+    setUsername: function (e) {
+        this.model.set('username', $(e.target).val());
+    },
+
+    setPassword: function (e) {
+        this.model.set('password', $(e.target).val());
     }
 });
\ No newline at end of file
diff --git a/src/main/less/auth.less b/src/main/less/auth.less
index 67c18faa..c5d4338b 100644
--- a/src/main/less/auth.less
+++ b/src/main/less/auth.less
@@ -201,4 +201,9 @@
   }
 
   .api-popup-actions { padding-top: 10px; }
+
+  fieldset {
+    padding-bottom: 10px;
+    padding-left: 20px;
+  }
 }
diff --git a/src/main/template/oauth2.handlebars b/src/main/template/oauth2.handlebars
index 44cf5111..35db3a61 100644
--- a/src/main/template/oauth2.handlebars
+++ b/src/main/template/oauth2.handlebars
@@ -1,12 +1,20 @@
 <div>
-    <h3 class="auth__title">Select OAuth2.0 Scopes</h3>
+    <h3 class="auth__title">OAuth2.0</h3>
     <p>{{{sanitize description}}}</p>
+    {{#if authorizationUrl}}<p>Authorization URL: {{{sanitize authorizationUrl}}}</p>{{/if}}
+    {{#if tokenUrl}}<p>Token URL: {{{sanitize tokenUrl}}}</p>{{/if}}
+    <p>flow: {{{escape flow}}}</p>
+    {{#if isPasswordFlow}}
+        <p>Please input username and password for password flow authorization</p>
+        <fieldset>
+            <div><label>Username: <input class="oauth-username" type="text" name="username"></label></div>
+            <div><label>Password: <input class="oauth-password" type="password" name="password"></label></div>
+        </fieldset>
+    {{/if}}
+    <p><strong> {{{escape appName}}} </strong> API requires the following scopes. Select which ones you want to grant to Swagger UI.</p>
     <p>Scopes are used to grant an application different levels of access to data on behalf of the end user. Each API may declare one or more scopes.
         <a href="#">Learn how to use</a>
     </p>
-    <p><strong> {{{escape appName}}} </strong> API requires the following scopes. Select which ones you want to grant to Swagger UI.</p>
-    <p>Authorization URL: {{{sanitize authorizationUrl}}}</p>
-    <p>flow: {{{escape flow}}}</p>
     <ul class="api-popup-scopes">
         {{#each scopes}}
             <li>